A new report from Check Point Research has shown that hackers have registered domains posing as Zoom, Microsoft Teams, and Google Meet-related URLs.
More people are using these videoconferencing services during the COVID-19 pandemic. The domains could be used to pose as official links, potentially tricking people into downloading malware or accidentally giving bad actor access to personal information.
According to reports, in the last three weeks, 2,449 Zoom-related domains have been registered, and Check Point Research determined that 32 of those domains are malicious and 320 are “suspicious.” And in one instance of attempted phishing, hackers sent an email that looks like an official email from Microsoft Teams, but a button in the email to “open” Teams was a malicious URL that downloaded malware to the user’s computer.
Check Point Research also said that these hackers are also sending phishing emails disguising as the World Health Organisation with an attached file that downloads malware when clicked.
The report also included the text of two emails soliciting donations for the WHO and the United Nations, but requesting that the donations be sent to “several known compromised” bitcoin wallets.
Google also reported it has seen donation scam emails posing as the WHO. In mid-April, Google saw more than 18 million daily malware and phishing emails related to COVID-19 in just a week.
